CVE-2019-3929

CVSS 9.8 CRITICAL | EPSS 99.0% | KEV | CWE-79

In short

Multiple wireless presentation devices contain a flaw in their web interface that allows attackers to run commands with full system privileges without needing a password. An attacker can exploit this remotely over the network to take complete control of the device.

Technical detail

An unauthenticated command injection vulnerability exists in the file_transfer.cgi HTTP endpoint of wireless presentation device firmware from multiple vendors. It permits remote execution of arbitrary operating system commands with root privileges; no authentication or user interaction is required.

Summary generated and translated by AI from the official description.
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
